APES 325 Risk Management for Firms

Similar documents
APES 205 CONFORMITY WITH ACCOUNTING STANDARDS

APES 320 Quality Control for Firms

APES GN 30 Outsourced Services

APES 230 Financial Planning Services

Exposure Draft of Proposed Standard: APES 330 Insolvency Services

APES 310 Dealing with Client Monies

APES 310 Dealing with Client Monies

How To Ensure That A Quality Control System Is Working Properly

(Effective as of December 15, 2009) CONTENTS

INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT OVERVIEW

APES 110 Code of Ethics for Professional Accountants

A COMPREHENSIVE GUIDE TO QUALITY CONTROL

University of New England Compliance Management Framework and Procedures

RE: IESBA s Exposure Draft Responding to Non-Compliance with Laws and Regulations

HKSAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information

The Compliance Universe

Proposed Consequential and Conforming Amendments to Other ISAs

ISA 620, Using the Work of an Auditor s Expert. Proposed ISA 500 (Redrafted), Considering the Relevance and Reliability of Audit Evidence

EXTERNAL PEER REVIEW OF GENERAL INSURANCE LIABILITY VALUATIONS

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Competency Requirements

Introduction to the Quality Control Manual 2. Developing a quality control system in your firm 10

ISAE 3000 (Revised), Assurance Engagements Other Than Audits or Reviews of Historical Financial Information

Competency Requirements for Assurance Practitioners of Second Tier Companies Limited by Guarantee

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

CONSIDERATIONS WHEN SELECTING AN AUSTRALIAN FINANCIAL SERVICES (AFS) LICENSEE

ISRE 2400 (Revised), Engagements to Review Historical Financial Statements

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

Initial Professional Development Technical Competence (Revised)

APES 230 Financial Planning Services Issues for discussion CPA Australia and the Institute of Chartered Accountants Australia

ISA 200, Overall Objective of the Independent Auditor, and the Conduct of an Audit in Accordance with International Standards on Auditing

A guide for members APES 325 Risk Management for Firms

TGA key performance indicators and reporting measures

Draft Guidance: Non-economic Regulators: Duty to Have Regard to Growth

Better Practice Guide

How To Comply With The Law Of The Firm

Hunter Hall International Limited

Compliance Management Framework. Managing Compliance at the University

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Competence Requirements for Audit Professionals

Guidance for Small and Medium Practitioners on the Code of Ethics for Professional Accountants

Special Purpose Reports on the Effectiveness of Control Procedures

STAFF QUESTIONS AND ANSWERS

The Institute of Public Accountants. Pronouncement 11 Providing Financial Advice

A guide to the water charge (infrastructure) rules: Tier 2 requirements

OH&S MANAGEMENT SYSTEM CHECKLIST - AS 4801:2001 (STATUS A = Acceptable; N = Not Acceptable; N/A = Not Applicable)

Qualification details

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

august09 tpp Internal Audit and Risk Management Policy for the NSW Public Sector OFFICE OF FINANCIAL MANAGEMENT Policy & Guidelines Paper

Business Continuity Management

SAI GLOBAL LIMITED Risk Management Policy

Ref: ED Responding to Non-Compliance or Suspected Non-Compliance with Laws and Regulations

Inquiry Regarding Litigation and Claims

Guidance Statement GS 015 Audit Implications of Accounting for Investments in Associates

Environmental Management Systems. A brief introduction to the nature and benefits of ISO14001:2015

Achieve. Performance objectives

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

APES 315 INTRODUCTION LIVE CHAT: QUESTIONS AND ANSWERS

Guidance for audit committees. The internal audit function

ISSAI Planning an Audit of Financial Statements. Financial Audit Guideline

Business Continuity Management Policy

TECHNICAL RELEASE TECH 09/14BL ACCOUNTANTS REPORTS ON COMMERCIAL PROPERTY SERVICE CHARGE ACCOUNTS

Final Draft Revised Ethical Standard 2016

Data Governance in-brief

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS (ISAE) 3402 ASSURANCE REPORTS ON CONTROLS AT A SERVICE ORGANIZATION

Preparation of a Rail Safety Management System Guideline

AN OVERVIEW OF APES 110 CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS

Specification. Edexcel NVQ qualification. Edexcel Level 3 NVQ Certificate in Management (QCF)

COMPLIANCE CHARTER 1

Independence Audit and Review Engagements. Independence Other Assurance Engagements

Fundamental Principles of Financial Auditing

HANDY HINTS FOR IN-HOUSE COUNSEL. Law Society of New South Wales Corporate Lawyers Committee

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

RISK MANAGEMENT FRAMEWORK

Work Plan for : Enhancing Audit Quality and Preparing for the Future. The IAASB s Work Plan for December 2014

Guidance Statement GS 011 Third Party Access to Audit Working Papers

Accredited Body Report CPA Australia. For the period ended 30 June 2013

Initial Professional Development - Professional Values, Ethics, and Attitudes (Revised)

Australian Transport Council. National Standard for the Administration of Marine Safety SECTION 5

Information Governance Strategy & Policy

Discussion Paper. Issues Impacting the Accounting Industry from Outsourcing

Note that the following document is copyright, details of which are provided on the next page.

Welsh Government Response to the Report of the National Assembly for Wales Public Accounts Committee on Grant Management in Wales Final Report

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

Engineering Procedure

This is a free 9 page sample. Access the full version online. AS/NZS ISO 31000:2009 Risk management Principles and guidelines

Accounting and Auditing

Explanation where the company has partially applied or not applied King III principles

Stakeholder Engagement

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Transcription:

APES 325 Risk Management for Firms Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: December 2011 Copyright 2011 Accounting Professional & Ethical Standards Board Limited ( APESB ). All rights reserved. Apart from fair dealing for the purpose of study, research, criticism and review as permitted by the Copyright Act 1968, no part of these materials may be reproduced, modified, or reused or redistributed for any commercial purpose, or distributed to a third party for any such purpose, without the prior written permission of APESB. Any permitted reproduction including fair dealing must acknowledge APESB as the source of any such material reproduced and any reproduction made of the material must include a copy of this original notice. i

APES 325 Risk Management for Firms (Issued December 2011) CONTENTS Paragraphs Scope and application 1 Definitions 2 Objectives of a Risk Management Framework 3 Establishing and maintaining a Risk Management Framework for a Firm 4 Monitoring a Firm s Risk Management policies and procedures 5 Documentation 6 Conformity with International Pronouncements 2

1 Scope and application 1.1 Accounting Professional & Ethical Standards Board Limited (APESB) issues professional standard APES 325 Risk Management for Firms (the Standard). A Risk Management Framework in compliance with this Standard is required to be established by Firms by 1 January 2013. Earlier adoption of this Standard is permitted. 1.2 APES 325 sets the standards for Members in Public Practice to establish and maintain a Risk Management Framework in their Firms in respect of the provision of quality and ethical Professional Services. Members have a responsibility, whether as owner, Partner or employee, to ensure that the Firm implements the requirements of the Standard. The level of responsibility will depend on the position held by each Member in the Firm, but as a minimum all Members should participate in the Firm achieving the objectives of the Standard. The Standard adopts the Firm as the overarching entity which must implement the requirements of the Standard, but it is the Firm s Members in Public Practice who have responsibility to ensure this occurs. 1.3 The mandatory requirements of this Standard are in bold type (black lettering), preceded or followed by discussion or explanation in normal type (grey type). APES 325 should be read in conjunction with other professional duties of Members in Public Practice, and any legal obligations that may apply. 1.4 Members in Public Practice conducting the operations of a Firm in Australia shall follow the mandatory requirements of APES 325. 1.5 Members in Public Practice conducting the operations of a Firm outside Australia shall follow the provisions of APES 325 to the extent to which they are not prevented from so doing by specific requirements of local laws and/or regulations. 1.6 Members in Public Practice shall be familiar with relevant Professional Standards and guidance notes when providing Professional Services. All Members shall comply with the fundamental principles outlined in the Code. 1.7 The Standard is not intended to detract from any responsibilities which may be imposed by law or regulation. 1.8 All references to Professional Standards, guidance notes and legislation are references to those provisions as amended from time to time. 1.9 In applying the requirements outlined in APES 325, Members in Public Practice should be guided not merely by the words but also by the spirit of the Standard and the Code. 2 Definitions For the purpose of this Standard: Code means APES 110 Code of Ethics for Professional Accountants. Engagement means an agreement, whether written or otherwise, between a Member in Public Practice and a Client relating to the provision of Professional Services by a Member in Public Practice. However, consultations with a prospective Client prior to such an agreement are not part of an Engagement. Firm means: (a) A sole practitioner, partnership, corporation or other entity of professional accountants; (b) An entity that controls such parties through ownership, management or other means; (c) An entity controlled by such parties through ownership, management or other means; or (d) An Auditor-General s office or department. Member in Public Practice means a Member, irrespective of functional classification (e.g. audit, tax, or consulting) in a Firm that provides Professional Services. The term is also used to refer to a Firm of Members in Public Practice and means a practice entity as defined by the applicable Professional Body. 3

Monitoring means a process comprising ongoing consideration and evaluation of the Firm s Risk Management Framework designed to provide reasonable confidence that the Firm s Risk Management Framework is operating effectively. Network means a larger structure: (i) that is aimed at co-operation; and (ii) that is clearly aimed at profit or cost-sharing or shares common ownership, control or management, common quality control policies and procedures, common business strategy, the use of a common brand name, or a significant part of professional resources. Partner means any individual with authority to bind the Firm with respect to the performance of a Professional Services Engagement. Personnel means Partners and Staff. Professional Services means services requiring accountancy or related skills performed by a Member in Public Practice including accounting, auditing, taxation, management consulting and financial management services. Professional Standards means all standards issued by the Accounting Professional & Ethical Standards Board and all professional and ethical requirements of the applicable Professional Body. Risk means the effect of uncertainty on objectives. Risk Management means coordinated activities undertaken by a Firm, to direct and control the activities of the Firm with regard to Risk. Risk Management Framework means the foundations 1 and organisational arrangements 2 for designing, implementing, Monitoring, reviewing and continually improving Risk Management throughout the Firm. Staff means professionals, other than Partners, including any experts the Firm engages. 3 Objectives of a Risk Management Framework 3.1 An effective Risk Management Framework should assist a Firm to meet its overarching public interest obligations as well as its business objectives by: (a) (b) (c) Facilitating business continuity; Enabling quality and ethical services to be rendered to clients; and Protecting the reputation and credibility of the Firm. 3.2 The Risk Management Framework should consist of policies designed to achieve the objectives set out in paragraph 3.1 and procedures necessary to implement and monitor compliance with those policies. The Risk Management Framework should be an integral part of the Firm s overall strategic and operational policies and practices and should take account of the Firm s Risk appetite. 3.3 A Firm s quality control policies and procedures, developed in accordance with APES 320 Quality Control for Firms, should be embedded within the Risk Management Framework. This will facilitate a Firm complying with this standard and APES 320 and ensure consistency within the Firm s policies and procedures. 3.4 The requirements of the Standard are designed to enable a Firm to achieve the objectives stated in paragraph 3.1. The proper application of the requirements is therefore expected to provide a sufficient basis for the achievement of the objectives. However, because circumstances vary widely and all such circumstances cannot be anticipated, the Firm should consider whether there are particular matters or 1 The foundations include the policy, objectives, mandate and commitment to manage Risk. 2 The organisational arrangements include plans, relationships, accountabilities, resources, processes and activities. 4

circumstances that require the Firm to establish policies and procedures in addition to those required by this Standard to meet the stated objectives. 4 Establishing and maintaining a Risk Management Framework for a Firm 4.1 A Firm shall establish and maintain a Risk Management Framework taking into consideration its public interest obligations. The Firm shall periodically evaluate the design and effectiveness of the Risk Management Framework. 4.2 The Firm s Risk Management Framework shall include policies and procedures that identify, assess and manage key organisational Risks, which may include: (a) (b) (c) (d) (e) (f) (g) (h) Governance Risks; Business continuity Risks (including succession planning); Business Risks; Financial Risks; Regulatory Risks; Technology Risks Human resources Risks; and Stakeholder Risks. Additional Risks specific to the Firm can be identified through the use of other relevant standards or guidance. 4.3 The nature and extent of the policies and procedures developed by a Firm to comply with this Standard will depend on various factors such as the size and operating characteristics of the Firm and whether it is part of a Network. 4.4 The Firm s chief executive officer (or equivalent) or, if appropriate, the Firm s managing board of Partners (or equivalent), shall take ultimate responsibility for the Firm s Risk Management Framework. 4.5 The Firm s leadership and the examples it sets significantly influence the culture of the Firm. The adoption of an appropriate culture by a Firm is dependent on clear, consistent and frequent actions and messages from all levels within the Firm that emphasise the Firm s Risk Management policies and procedures. 4.6 A Firm shall ensure that the Personnel assigned responsibility for establishing and maintaining its Risk Management Framework in accordance with this Standard have the necessary skills, experience, commitment and authority. 4.7 Firms may refer to the following documents for guidance: AS/NZS ISO 31000:2009 Risk Management Principles and guidelines which provides useful guidance to develop a framework for Risk Management: and For sole practitioners and small Firms, Module 7: Risk Management of the Guide to Practice Management for Small and Medium-sized Practices issued by the Small and Medium Practices Committee of the International Federation of Accountants. 5

5 Monitoring a Firm s Risk Management policies and procedures 5.1 A Firm shall establish a Monitoring process designed to provide reasonable confidence that the Risk Management policies and procedures relating to the Risk Management Framework are relevant, adequate and operating effectively and that instances of non-compliance with the Firm s Risk Management policies and procedures are detected. 5.2 A Firm shall establish a process whereby instances of non-compliance with the Firm s Risk Management policies and procedures are brought to the attention of the Firm s leadership who shall take appropriate corrective action. 5.3 A Firm s Monitoring process should include the requirements for the Firm: (a) (b) To undertake a review of the Firm s Risk Management Framework on a regular basis; and To designate from within the Firm s leadership a person or persons with sufficient and appropriate experience and authority the responsibility for ensuring that such regular reviews of the Firm s Risk Management Framework occurs. 6 Documentation 6.1 A Firm shall document its Risk Management Framework. 6.2 The form and content of documentation of the Risk Management Framework for a Firm is a matter of judgment and depends on a number of factors, including: The number of Personnel and offices of the Firm; and The nature and complexity of the Firm s practice and the services provided. 6.3 A Firm shall document its Risk Management policies and procedures and communicate them to the Firm s Personnel. 6.4 Communication of Risk Management policies and procedures to a Firm s Personnel should include a description of the policies and procedures, the objectives they are designed to achieve, and a message that each individual has a personal responsibility for Risk Management and is required to comply with the policies and procedures. In recognition of the importance of obtaining feedback on the Firm s Risk Management Framework and policies and procedures, the Firm s Personnel should be encouraged to communicate their views and concerns on Risk Management matters. 6.5 The documentation of a Firm s Risk Management Framework should include: Procedures for identifying potential Risks; The Firm s Risk appetite; Risks identified; Procedures for assessing and managing Risks; Treatment of identified Risks; Documentation processes; Procedures for dealing with non-compliance; Training of Staff in relation to Risk Management; and Procedures for regularly reviewing the Risk Management Framework. 6.6 A Firm shall retain all relevant documentation for a sufficient time to permit those performing the Firm s Monitoring process to evaluate its compliance with its Risk Management Framework and to comply with applicable legal or regulatory requirements for record retention. 6

6.7 A Firm shall document all instances of non-compliance with the Firm s Risk Management policies and procedures detected though its Monitoring process and the actions taken by the Firm s leadership in respect of those instances of non-compliance. Conformity with International Pronouncements The International Ethics Standard Board for Accountants (IESBA) has not issued a pronouncement equivalent to APES 325. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information